Privacy Statement

Introduction and Purpose

This Privacy Policy sets out how Catholic Education Diocese of Parramatta (CEDP), its schools, Catholic Early Learning Centres (CELCs) and Catholic Out of School Hours Care services (COSHCs) manage the personal and sensitive information we collect and hold.

From time to time, we may review and update this Privacy Policy to take account of new laws and technology, changes to operations and practices, and to make sure it remains appropriate to the changing educational environment. A related document is the Privacy Compliance Manual (May 2018), which we use as a resource to comply with our legal obligations. This document is also updated and reviewed from time to time by the National Catholic Education Commission based on expert legal advice.

Scope

This Privacy Policy applies to CEDP, its schools, CELCs and COSHCs.

We are bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988. In relation to health records, we are bound by the Health Privacy Principles contained in the NSW Health Records and Information Privacy Act 2002 (Health Records Act).

Under the Privacy Act and the Health Records Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the treatment of an employee record, where the treatment is directly related to a current or former employment relationship between CEDP and employee. Personal information concerning job applicants, employees and contractors is used to manage employment and meet applicable legal obligations, such as obligations arising from child protection legislation.

The Privacy Act confers a range of enforcement powers on the Commissioner, including civil penalty provision for serious or repeated interference with privacy. The maximum penalty is $420,000 for an individual and $2.1 million for a body corporate.

Definitions

Parent means parent and/or guardian.

Pupil means a person who is being taught by another, especially a schoolchild or student, but includes children in our CELCs and COSHCs.

Sensitive information is personal information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, health, sexual orientation or practices or criminal record.

01 Collection of personal information

The type of personal information CEDP, its schools, CELCs and COSHCs collect and hold includes (but is not limited to) information about:

pupils and parents before, during and after the course of a pupil’s enrolment at the school:

work emails and private emails (when using work email address) and internet browsing history; and

other people who come into contact with CEDP, its schools, CELCs and COSHCs, including (but not limited to) name and contact details.

Personal information you provide

CEDP, its schools, CELCs and COSHCs will generally collect personal information held about an individual by way of forms filled out by parents or pupils, from face-to-face meetings and interviews, in emails and from telephone calls. Occasionally, people other than parents and pupils provide us with personal information.

Personal information provided by other people

In some circumstances, CEDP, its schools, CELCs and COSHCs may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from another school.

Nationally Consistent Collection of Data (NCCD) on Students with Disability CEDP and its schools are required to collect personal information from schools to meet obligations under the Commonwealth Government’s Australian education legislation (Australian Education Act 2013, Australian Education Regulation 2013). The legislation requires relevant school authorities to provide the Commonwealth Department of Education and Training with information about students with a disability.

In NSW, the approved system authority for Catholic schools is Catholic Schools NSW (CSNSW). CEDP is required to disclose its NCCD collection to CSNSW for the purpose of complying with the Australian Education Act and Australian Education Regulation.

02 Usage of personal information

CEDP, its schools, CELCs and COSHCs will use personal information collected from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.

Pupils and Parents

In relation to personal information of pupils and parents, the primary purpose of collection is to enable CEDP, its schools, CELCs and COSHCs to educate pupils, exercise duty of care and perform necessary associated administrative activities, which will enable pupils to take part in all relevant activities. This includes satisfying the needs of parents, the needs of the pupil and our needs throughout the whole period the pupil is enrolled.

The purposes for which we use personal information of pupils and parents include:

to keep parents informed about matters related to their child's schooling, through correspondence, newsletters and magazines

In some cases where we request personal information about a pupil or parent, if the information requested is not obtained, we may not be able to enrol or continue the enrolment of the pupil or permit the pupil to take part in a particular activity.

Volunteers

We also obtain personal information about volunteers who assist schools in their functions or conduct associated activities to enable us and the volunteers to work together.

Marketing and fundraising

CEDP, its schools, CELCs and COSHCs treat marketing and seeking donations for future growth and development as an important part of ensuring that we continue to provide quality learning environments in which both pupils and staff thrive. Personal information we hold may be disclosed to an organisation that assists in fundraising for the above purpose.

Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. Publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.

Exception in relation to related schools

This allows (for example) CEDP schools to transfer information when a pupil transfers from one CEDP school to another. However, a CEDP school may only use this personal information for the purpose for which it was originally collected.

03 Disclosure and storage of personal information

In accordance with Australian Privacy Principle 6, CEDP, its schools, CELCs and COSHCs may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:

other schools and teachers at those schools

government departments (including for policy and funding purposes)

CEDP, CSNSW, the school’s local diocese and the parish, other related church agencies/entities, and schools within other dioceses

medical practitioners

people providing educational, support and health services to the school, including specialist visiting teachers, coaches, volunteers, and counsellors

providers of specialist advisory services and assistance to the school, including in the area of Human Resources, child protection and students with additional needs

providers of learning and assessment tools

assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration
Authorities (who will disclose it to the entity that manages the online platform for NAPLAN)

people providing administrative and financial services to the school

recipients of school publications, such as newsletters and magazines

pupils’ parents

anyone you authorise the school to disclose information to; and

anyone to whom we are required or authorised to disclose the information by law, including child protection laws.

Sending and storing information overseas

We may disclose personal information about an individual to overseas recipients, for example, to facilitate a school exchange. However, we will not send personal information about an individual outside Australia without:

obtaining the consent of the individual (in some cases this consent will be implied); and

otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

We may use third party online or ‘cloud’ service providers to store personal information and to provide services that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the cloud, which means that it may reside on service provider’s servers, which may be situated outside Australia.

An example of such a cloud service provider is Google. Google provides the ‘Google Apps for Education’ (GAFE) including Gmail, and stores and processes limited personal information for this purpose. School personnel, CEDP and their service providers may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering GAFE and ensuring its proper use.

We make reasonable efforts to be satisfied about the protection and security of any personal information processed and stored outside Australia as not all countries are bound by laws which provide the same level of protection for personal information provided by the Australian Privacy Principles. Where we use the servers of cloud service providers or other third party service providers, they will be located in countries which have substantially similar protections as the Australian Privacy Principles.

04 Sensitive information

Sensitive information is information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

05 Management and security of personal information

CEDP, its schools, CELCs, COSHCs and staff are required to respect the confidentiality of pupils’ and parents’ personal information and the privacy of individuals. We have in place steps to protect personal information we hold from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods. These methods include, but are not limited to, locked storage of paper records, access protocols, password protected access to computerised records and encryption.

CEDP will respond to any incidents that may affect the security of the personal information it holds in accordance with its obligations under the Privacy Act, including the notifiable data breaches scheme. If CEDP assesses that the security of personal information is breached in such a way that cannot be remedied and that a person is likely to suffer serious harm as a result of the breach, we will notify that person and the Office of the Australian Information Commissioner of the breach. Moreover, CEDP will respond to any such incidents by taking steps to contain any breach and minimise any likely harm to a person.

Do not share your personal information with anyone without first verifying their identity and confirming the organisation to which they belong. If you believe any of your personal information has been compromised, please let CEDP know immediately.

06 Access and correction of personal information

Under the Commonwealth Privacy Act and Health Records Act, an individual has the right to request and obtain access to any personal information which we hold about them and may request correction of any perceived inaccuracy in that information. There are some exceptions to the access right set out in the applicable legislation. Pupils will generally be able to access and update their personal information through their parents, but older pupils may seek access and correction themselves. Again, there are some exceptions to these rights set out in the applicable legislation.

To make a request to access or to correct any personal information we hold about you or your child, please contact us. You may be required to verify your identity and specify what information you require. You may be charged a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, you will be advised of the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.

07 Consent and rights to personal information of pupils

CEDP respects every parent’s right to make decisions concerning their child’s education.

Generally, a school will refer any requests for consent and notices in relation to the personal information of a pupil to the pupil’s parents. A school will treat consent given by parents as consent given on behalf of the pupil and notice to parents will act as notice given to the pupil.

Parents may seek access to personal information held by a school or CEDP about them or their child by contacting the school principal or CEDP. However, there may be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of our duty of care to the pupil.

A school may, at its discretion, on the request of a pupil, grant that pupil access to information held by the school about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the pupil and/or the pupil’s personal circumstances warrant it.

08 Further information

If you would like further information about the way we manage the personal information we hold about you, or believe that we have breached our privacy obligations, please contact the Catholic Education Diocese of Parramatta on (02) 9840 5600, via mail (Locked Bag 4, North Parramatta NSW 1750) or at privacy@parra.catholic.edu.au.

We will investigate and will notify you of a decision as soon as is practicable.

Contact Us

Contact the school by phone on 4737 5500 during school office hours 8:30am to 3:00pm or send us a message by email.